Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method comprising: receiving an access request from a first user through a social networking service, the access request indicating a request to access a different cloud-based service managed by a second user; authenticating the first user responsive to receiving the access request; determining a first social network association that exists between the first user and the second user based at least in part on a social graph; determining whether access to the cloud-based service is permitted for the first social network association based at least in part on an access setting of the cloud-based service; and responsive to determining that the access is permitted for the first social network association, generating access permission data including an authentication token to permit the first user to access the cloud-based service.
A method for access control involves receiving an access request from a first user through a social network to access a cloud service managed by a second user. Upon receiving the request, the system authenticates the first user. It then determines the social network connection between the two users based on a social graph. Next, the system checks if the social network connection is permitted to access the cloud service, based on the cloud service's access settings. If access is allowed for that social network connection, the system creates access permission data including an authentication token, enabling the first user to access the cloud service.
2. The method of claim 1, further comprising: determining an access mode for the first user to access the cloud-based service based at least in part on the first social network association and the access setting.
The access control method described above also determines an access mode for the first user to access the cloud-based service based on the social network connection between the users and the access settings of the cloud service. This access mode could define the level of access the first user has, such as read-only or full access, depending on their relationship and the service owner's configuration.
3. The method of claim 1, wherein the access setting specifies one or more social network associations permitted to access the cloud-based service.
In the access control method described in claim 1, the access setting for the cloud service specifies one or more social network connections (e.g., "friends," "family," "coworkers") that are permitted to access the cloud service. This allows the service owner to define which groups of people on the social network can access their cloud service.
4. The method of claim 3, wherein determining whether the access to the cloud-based service is permitted for the first social network association comprises: determining whether the first social network association is included in the one or more social network associations specified in the access setting; and responsive to determining that the first social network association is included in the one or more social network associations, permitting the first user to access the cloud-based service.
When determining if access to the cloud service is permitted for the first user's social network connection, the system checks if that connection is included in the allowed social network connections specified in the cloud service's access settings (as described in claim 3). If the connection is found in the allowed list, the first user is granted access to the cloud service.
5. The method of claim 1, further comprising: receiving configuration data from the second user; and configuring the access setting for the cloud-based service based at least in part on the configuration data.
The access control method described in claim 1 also includes receiving configuration data from the second user (the cloud service manager) and configuring the access settings for the cloud service based on that data. This allows the service manager to customize who has access to their service through the social network.
6. The method of claim 1, wherein the cloud-based service is a cloud-based operating system.
In the access control method described in claim 1, the cloud-based service being accessed is a cloud-based operating system. This means a user can gain access to an entire operating system environment hosted in the cloud based on their social network connections.
7. The method of claim 1, wherein the access setting includes a whitelist of users permitted to access the operating system.
In the access control method described in claim 1, the access setting for the cloud service includes a whitelist of specific users who are permitted to access the operating system. This allows for explicitly granting access to certain individuals, regardless of their social network connection.
8. A computer program product comprising a non-transitory computer usable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to: receive an access request from a first user through a social networking service, the access request indicating a request to access a different cloud-based service managed by a second user; authenticate the first user responsive to receiving the access request; determine a first social network association that exists between the first user and the second user based at least in part on a social graph; determine whether access to the cloud-based service is permitted for the first social network association based at least in part on an access setting of the cloud-based service; and responsive to determining that the access is permitted for the first social network association, generate access permission data including an authentication token to permit the first user to access the cloud-based service.
A computer program product stored on a non-transitory medium, when executed, enables access control by: receiving an access request from a first user through a social network to access a cloud service managed by a second user; authenticating the first user; determining the social network connection between the two users based on a social graph; checking if that connection is permitted based on the cloud service's access settings; and if permitted, generating access permission data with an authentication token, allowing the first user access to the cloud service.
9. The computer program product of claim 8, wherein the computer readable program when executed on the computer causes the computer to also: determine an access mode for the first user to access the cloud-based service based at least in part on the first social network association and the access setting.
The computer program product described above (claim 8) also determines an access mode for the first user to access the cloud-based service. This access mode is decided based on the social network connection between the users and the access settings of the cloud service, defining the level of access granted.
10. The computer program product of claim 8, wherein the access setting specifies one or more social network associations permitted to access the cloud-based service.
In the computer program product described in claim 8, the access setting for the cloud service specifies one or more social network connections (e.g., "friends," "family," "coworkers") that are permitted to access the cloud service, enabling granular control over who can access the service through the social network.
11. The computer program product of claim 10, wherein determining whether the access to the cloud-based service is permitted for the first social network association comprises: determining whether the first social network association is included in the one or more social network associations specified in the access setting; and responsive to determining that the first social network association is included in the one or more social network associations, permitting the first user to access the cloud-based service.
In the computer program product described in claim 10, when deciding if access is permitted, the program checks if the user's social network connection is included in the allowed connections. If the connection is in the list, the user gets access to the cloud service.
12. The computer program product of claim 8, wherein the computer readable program when executed on the computer causes the computer to also: receive configuration data from the second user; and configure the access setting for the cloud-based service based at least in part on the configuration data.
The computer program product described in claim 8 also receives configuration data from the second user (the cloud service manager) and uses that data to configure the access settings for the cloud service, enabling customization of access permissions.
13. The computer program product of claim 8, wherein the cloud-based service is a cloud-based operating system.
In the computer program product described in claim 8, the cloud-based service being accessed is a cloud-based operating system, allowing access to a complete operating system environment in the cloud based on social network connections.
14. The computer program product of claim 8, wherein the access setting includes a whitelist of users permitted to access the operating system.
In the computer program product described in claim 8, the access setting for the cloud service includes a whitelist of specific users permitted to access the operating system, providing explicit access control regardless of social network connections.
15. A system comprising: a controller for receiving an access request from a first user through a social networking service, the access request indicating a request to access a different cloud-based service managed by a second user; an authentication module communicatively coupled to the controller, the authentication module authenticating the first user responsive to receiving the access request; and a permission module communicatively coupled to the authentication module, the permission module determining a first social network association that exists between the first user and the second user based at least in part on a social graph, the permission module determining whether access to the cloud-based service is permitted for the first social network association based at least in part on an access setting of the cloud-based service, and responsive to determining that the access is permitted for the first social network association, the permission module generating access permission data including an authentication token to permit the first user to access the cloud-based service.
A system for access control includes a controller to receive access requests from a first user via a social network to access a cloud service managed by a second user. An authentication module verifies the first user's identity after receiving the access request. A permission module then determines the social connection between the users using a social graph, checks if that connection is allowed based on the cloud service's access settings, and if permitted, generates access permission data with an authentication token, granting access to the first user.
16. The system of claim 15, wherein the permission module is further configured to: determine an access mode for the first user to access the cloud-based service based at least in part on the first social network association and the access setting.
The system described above (claim 15) also has the permission module configured to determine an access mode for the first user. This access mode is based on the social network connection between the users and the access settings of the cloud service, defining the level of access granted.
17. The system of claim 15, wherein the access setting specifies one or more social network associations permitted to access the cloud-based service.
In the system described in claim 15, the access setting specifies which social network connections (e.g., "friends," "family," "coworkers") are permitted to access the cloud service, enabling fine-grained access control based on social relationships.
18. The system of claim 17, wherein the permission module is further configured to: determine whether the first social network association is included in the one or more social network associations specified in the access setting; and responsive to determining that the first social network association is included in the one or more social network associations, permit the first user to access the cloud-based service.
In the system described in claim 17, the permission module determines if the first user's social connection is included in the allowed connections specified in the access settings. If the connection is found in the list, the system allows the user to access the cloud service.
19. The system of claim 15, wherein the controller is configured to receive configuration data from the second user and further comprising: a configuration module communicatively coupled to the controller, the configuration module configuring the access setting for the cloud-based service based at least in part on the configuration data.
The system described in claim 15 also includes a configuration module connected to the controller. The controller receives configuration data from the second user (service manager), and the configuration module configures the access settings for the cloud service based on this data, allowing the service manager to customize access permissions.
20. The system of claim 15, wherein the cloud-based service is a cloud-based operating system.
In the system described in claim 15, the cloud-based service being accessed is a cloud-based operating system, granting social network-based access to an entire operating system hosted in the cloud.
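The decision flow of claims 1 to 5 and 7, written out as an added example that is not code from the patent or from this page: authenticate, look up the association, check it against the owner's access setting, pick an access mode, and issue a token the cloud service can verify. The session table, graph, setting layout and HMAC token format are all assumptions made for illustration (the claims do not specify a token format), and treating the whitelist as an alternative to an association match follows the page's plain-English reading of claim 7.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data; every name and value here is hypothetical.
TOKEN_KEY = b"demo-only-key"                      # shared with the cloud service
SESSIONS = {"s-alice": "alice", "s-carol": "carol", "s-dave": "dave", "s-erin": "erin"}
SOCIAL_GRAPH = {("alice", "bob"): "friend", ("carol", "bob"): "coworker"}
ACCESS_SETTINGS = {                               # set by the owner (claims 3, 5, 7)
    "bob-cloud-os": {
        "owner": "bob",
        "associations": {"friend": "read-write", "coworker": "read-only"},
        "whitelist": {"dave": "read-only"},
    }
}

def _sign(body: str) -> bytes:
    mac = hmac.new(TOKEN_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)

def issue_token(session_id, service_id, now=None, ttl=300):
    """Claim 1 steps in order; returns a token string, or None (default deny)."""
    user = SESSIONS.get(session_id)               # authenticate the first user
    setting = ACCESS_SETTINGS.get(service_id)
    if user is None or setting is None:
        return None
    assoc = SOCIAL_GRAPH.get((user, setting["owner"]))   # social graph lookup
    # Claim 2: the association and the access setting select the access mode.
    mode = setting["associations"].get(assoc) or setting["whitelist"].get(user)
    if mode is None:
        return None
    issued = time.time() if now is None else now
    claims = {"sub": user, "aud": service_id, "mode": mode, "exp": int(issued) + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + _sign(body).decode()

def verify_token(token, service_id, now=None):
    """Cloud-service side: signature, audience and expiry; claims dict or None."""
    try:
        body, sig = token.split(".")
    except (AttributeError, ValueError):
        return None
    if not hmac.compare_digest(sig.encode(), _sign(body)):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    current = time.time() if now is None else now
    if claims["aud"] != service_id or claims["exp"] <= current:
        return None
    return claims
```

Binding the token to one service, one access mode and a short expiry keeps a token issued for a read-only coworker from being replayed elsewhere or edited into a read-write one.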
August 26, 2014